2 matches found
CVE-2019-16969
In FusionPBX up to 4.5.7, the file app\fifolist\fifointeractive.php uses an unsanitized "c" variable coming from the URL, which is reflected in HTML, leading to XSS...
CVE-2019-16969
FusionPBX vulnerable to cross-site scripting (XSS) in versions up to 4.5.7 due to an unsanitized URL parameter c in the file app/fifo_list/fifo_interactive.php, which is reflected in HTML. The root cause is the reflection of an unsanitized input from the URL. Impact is client-side code execution ...